addressed review comments
@ -135,7 +135,7 @@ void Clr_CallbackCtx(User_SCEPKCbInfo *g)
|
|||||||
NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
|
||||||
if (g->sce_wrapped_key_aes128 != NULL)
|
if (g->sce_wrapped_key_aes128 != NULL)
|
||||||
XFREE(g->sce_wrapped_key_aes256,
|
XFREE(g->sce_wrapped_key_aes128,
|
||||||
NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
|
||||||
#if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
|
#if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
|
||||||
@ -220,6 +220,8 @@ void sce_test(void)
|
|||||||
printf("wolfCrypt_Cleanup failed %d\n", ret);
|
printf("wolfCrypt_Cleanup failed %d\n", ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Clr_CallbackCtx(&guser_PKCbInfo);
|
||||||
|
|
||||||
#elif defined(BENCHMARK) && \
|
#elif defined(BENCHMARK) && \
|
||||||
(defined(WOLFSSL_RENESAS_SCEPROTECT) || \
|
(defined(WOLFSSL_RENESAS_SCEPROTECT) || \
|
||||||
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY))
|
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY))
|
||||||
@ -253,7 +255,7 @@ void sce_test(void)
|
|||||||
(uint32_t *)DIRECT_KEY_ADDRESS_256,
|
(uint32_t *)DIRECT_KEY_ADDRESS_256,
|
||||||
HW_SCE_AES256_KEY_INDEX_WORD_SIZE*4);
|
HW_SCE_AES256_KEY_INDEX_WORD_SIZE*4);
|
||||||
p1->type = SCE_KEY_INDEX_TYPE_AES256;
|
p1->type = SCE_KEY_INDEX_TYPE_AES256;
|
||||||
guser_PKCbInfo.flags2.bits.aes256_installedkey_set = 1;
|
guser_PKCbInfo.keyflgs_crypt.bits.aes256_installedkey_set = 1;
|
||||||
|
|
||||||
/* aes 128 */
|
/* aes 128 */
|
||||||
memcpy(p2->value,
|
memcpy(p2->value,
|
||||||
@ -261,13 +263,16 @@ void sce_test(void)
|
|||||||
HW_SCE_AES128_KEY_INDEX_WORD_SIZE*4);
|
HW_SCE_AES128_KEY_INDEX_WORD_SIZE*4);
|
||||||
|
|
||||||
p2->type = SCE_KEY_INDEX_TYPE_AES128;
|
p2->type = SCE_KEY_INDEX_TYPE_AES128;
|
||||||
guser_PKCbInfo.flags2.bits.aes128_installedkey_set = 1;
|
guser_PKCbInfo.keyflgs_crypt.bits.aes128_installedkey_set = 1;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
printf("Start wolfCrypt Benchmark\n");
|
printf("Start wolfCrypt Benchmark\n");
|
||||||
benchmark_test(NULL);
|
benchmark_test(NULL);
|
||||||
printf("End wolfCrypt Benchmark\n");
|
printf("End wolfCrypt Benchmark\n");
|
||||||
|
|
||||||
|
/* free */
|
||||||
|
Clr_CallbackCtx(&guser_PKCbInfo);
|
||||||
|
|
||||||
#elif defined(TLS_CLIENT)
|
#elif defined(TLS_CLIENT)
|
||||||
#include "hal_data.h"
|
#include "hal_data.h"
|
||||||
#include "r_sce.h"
|
#include "r_sce.h"
|
||||||
|
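Review bot: In Clr_CallbackCtx the visible lines free `g->sce_wrapped_key_aes128` but do not reset the pointer, and nothing in these hunks clears the `aes128_installedkey_set` / `aes256_installedkey_set` bits that sce_test sets on the global `guser_PKCbInfo`. Now that sce_test calls `Clr_CallbackCtx(&guser_PKCbInfo)` at the end of a run, a later crypto callback that still sees a flag at 1 would copy from freed memory, and a second cleanup call would free the same pointer again. The function continues outside this hunk, so it may already zero the structure further down. If it does not, add `g->sce_wrapped_key_aes128 = NULL;` after each XFREE and clear the matching `keyflgs_crypt.bits.*_installedkey_set` bit before returning.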
@ -386,7 +386,7 @@ static int sce_aesgcm256_test(int prnt, sce_aes_wrapped_key_t* aes256_key)
|
|||||||
goto out;
|
goto out;
|
||||||
} else {
|
} else {
|
||||||
userContext.sce_wrapped_key_aes256 = (void*)aes256_key;
|
userContext.sce_wrapped_key_aes256 = (void*)aes256_key;
|
||||||
userContext.flags2.bits.aes256_installedkey_set = 1;
|
userContext.keyflgs_crypt.bits.aes256_installedkey_set = 1;
|
||||||
enc->ctx.keySize = (word32)enc->keylen;
|
enc->ctx.keySize = (word32)enc->keylen;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -582,7 +582,7 @@ static int sce_aesgcm128_test(int prnt, sce_aes_wrapped_key_t* aes128_key)
|
|||||||
goto out;
|
goto out;
|
||||||
} else {
|
} else {
|
||||||
userContext.sce_wrapped_key_aes128 = aes128_key;
|
userContext.sce_wrapped_key_aes128 = aes128_key;
|
||||||
userContext.flags2.bits.aes128_installedkey_set = 1;
|
userContext.keyflgs_crypt.bits.aes128_installedkey_set = 1;
|
||||||
enc->ctx.keySize = (word32)enc->keylen;
|
enc->ctx.keySize = (word32)enc->keylen;
|
||||||
}
|
}
|
||||||
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
|
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
|
||||||
@ -656,11 +656,15 @@ static int sce_rsa_test(int prnt, int keySize)
|
|||||||
const char inStr2[] = TEST_STRING2;
|
const char inStr2[] = TEST_STRING2;
|
||||||
const word32 inLen = (word32)TEST_STRING_SZ;
|
const word32 inLen = (word32)TEST_STRING_SZ;
|
||||||
const word32 outSz = RSA_TEST_BYTES;
|
const word32 outSz = RSA_TEST_BYTES;
|
||||||
|
byte *in = NULL;
|
||||||
|
byte *in2 = NULL;
|
||||||
|
byte *out= NULL;
|
||||||
|
byte *out2 = NULL;
|
||||||
|
|
||||||
byte *in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
byte *in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
byte *out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
byte *out2 = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
out2 = (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
|
||||||
if (key == NULL || in == NULL || out == NULL ||
|
if (key == NULL || in == NULL || out == NULL ||
|
||||||
in2 == NULL || out2 == NULL) {
|
in2 == NULL || out2 == NULL) {
|
||||||
@ -682,8 +686,11 @@ static int sce_rsa_test(int prnt, int keySize)
|
|||||||
|
|
||||||
if ((ret = wc_InitRng(&rng)) != 0)
|
if ((ret = wc_InitRng(&rng)) != 0)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
/* make ras key by SCE */
|
if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
|
||||||
|
goto out;
|
||||||
|
|
||||||
|
/* make rsa key by SCE */
|
||||||
if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
|
if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
@ -694,7 +701,7 @@ static int sce_rsa_test(int prnt, int keySize)
|
|||||||
}
|
}
|
||||||
|
|
||||||
ret = wc_RsaPrivateDecrypt(out, keySize/8, out2, outSz, key);
|
ret = wc_RsaPrivateDecrypt(out, keySize/8, out2, outSz, key);
|
||||||
if (ret != 0) {
|
if (ret < 0) {
|
||||||
ret = -1;
|
ret = -1;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
@ -703,6 +710,7 @@ static int sce_rsa_test(int prnt, int keySize)
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ret = 0;
|
||||||
out:
|
out:
|
||||||
if (key != NULL) {
|
if (key != NULL) {
|
||||||
wc_FreeRsaKey(key);
|
wc_FreeRsaKey(key);
|
||||||
@ -735,10 +743,14 @@ static int sce_rsa_SignVerify_test(int prnt, int keySize)
|
|||||||
const word32 inLen = (word32)TEST_STRING_SZ;
|
const word32 inLen = (word32)TEST_STRING_SZ;
|
||||||
const word32 outSz = RSA_TEST_BYTES;
|
const word32 outSz = RSA_TEST_BYTES;
|
||||||
|
|
||||||
byte *in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
byte *in = NULL;
|
||||||
byte *in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
byte *in2 = NULL;
|
||||||
byte *out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
byte *out= NULL;
|
||||||
|
|
||||||
|
in = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
in2 = (byte*)XMALLOC(inLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
out= (byte*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
|
||||||
(void) prnt;
|
(void) prnt;
|
||||||
|
|
||||||
if (key == NULL || in == NULL || out == NULL) {
|
if (key == NULL || in == NULL || out == NULL) {
|
||||||
@ -759,12 +771,15 @@ static int sce_rsa_SignVerify_test(int prnt, int keySize)
|
|||||||
if ((ret = wc_InitRng(&rng)) != 0)
|
if ((ret = wc_InitRng(&rng)) != 0)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
/* make ras key by SCE */
|
if ((ret = wc_RsaSetRNG(key, &rng)) != 0)
|
||||||
|
goto out;
|
||||||
|
|
||||||
|
/* make rsa key by SCE */
|
||||||
if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
|
if ((ret = wc_MakeRsaKey(key, keySize, 65537, &rng)) != 0) {
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
guser_PKCbInfo.flags2.bits.message_type = 0;
|
guser_PKCbInfo.keyflgs_crypt.bits.message_type = 0;
|
||||||
ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
|
ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
goto out;
|
goto out;
|
||||||
@ -778,11 +793,11 @@ static int sce_rsa_SignVerify_test(int prnt, int keySize)
|
|||||||
}
|
}
|
||||||
/* this should succeed */
|
/* this should succeed */
|
||||||
ret = wc_RsaSSL_Verify(in, inLen, out, keySize/8, key);
|
ret = wc_RsaSSL_Verify(in, inLen, out, keySize/8, key);
|
||||||
if (ret != 0) {
|
if (ret < 0) {
|
||||||
ret = -1;
|
ret = -1;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
ret = 0;
|
||||||
out:
|
out:
|
||||||
if (key != NULL) {
|
if (key != NULL) {
|
||||||
wc_FreeRsaKey(key);
|
wc_FreeRsaKey(key);
|
||||||
@ -833,11 +848,26 @@ int sce_crypt_test()
|
|||||||
if ( ret > 0)
|
if ( ret > 0)
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
||||||
|
if (ret == 0) {
|
||||||
|
printf(" sce_rsa_test(512)(this will be done"
|
||||||
|
" by SW because SCE doesn't support 512 bits key size.)");
|
||||||
|
ret = sce_rsa_test(1, 512);
|
||||||
|
RESULT_STR(ret)
|
||||||
|
}
|
||||||
|
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
printf(" sce_rsa_test(1024)");
|
printf(" sce_rsa_test(1024)");
|
||||||
ret = sce_rsa_test(1, 1024);
|
ret = sce_rsa_test(1, 1024);
|
||||||
RESULT_STR(ret)
|
RESULT_STR(ret)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (ret == 0) {
|
||||||
|
printf(" sce_rsa_SignVerify_test(512)(this will be done"
|
||||||
|
" by SW because SCE doesn't support 512 bits key size.)");
|
||||||
|
ret = sce_rsa_SignVerify_test(1, 512);
|
||||||
|
RESULT_STR(ret)
|
||||||
|
}
|
||||||
|
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
printf(" sce_rsa_SignVerify_test(1024)");
|
printf(" sce_rsa_SignVerify_test(1024)");
|
||||||
ret = sce_rsa_SignVerify_test(1, 1024);
|
ret = sce_rsa_SignVerify_test(1, 1024);
|
||||||
|
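Review bot: sce_rsa_SignVerify_test now allocates `in2` after declaring it, but the allocation check that follows still reads `if (key == NULL || in == NULL || out == NULL) {` and never tests `in2`. sce_rsa_test checks every buffer it allocates, so the two tests should agree: `if (key == NULL || in == NULL || in2 == NULL || out == NULL) {`. The function body continues outside the hunk, so whether `in2` is dereferenced later cannot be confirmed from here; if it is unused, drop the allocation instead.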
@ -21,7 +21,7 @@
|
|||||||
|
|
||||||
#include <wolfssl/wolfcrypt/settings.h>
|
#include <wolfssl/wolfcrypt/settings.h>
|
||||||
|
|
||||||
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
|
#if defined(WOLFSSL_RENESAS_SCEPROTECT) \
|
||||||
|| defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) \
|
|| defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) \
|
||||||
|| defined(WOLFSSL_RENESAS_TSIP_TLS)
|
|| defined(WOLFSSL_RENESAS_TSIP_TLS)
|
||||||
|
|
||||||
@ -235,13 +235,13 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
|
|||||||
if (info->cipher.type == WC_CIPHER_AES_GCM) {
|
if (info->cipher.type == WC_CIPHER_AES_GCM) {
|
||||||
|
|
||||||
if (info->cipher.enc &&
|
if (info->cipher.enc &&
|
||||||
(cbInfo->flags1.bits.session_key_set == 1 ||
|
(cbInfo->keyflgs_tls.bits.session_key_set == 1 ||
|
||||||
(cbInfo->flags2.bits.aes256_installedkey_set == 1 &&
|
(cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
|
||||||
info->cipher.aesgcm_enc.aes->keylen == 32) ||
|
info->cipher.aesgcm_enc.aes->keylen == 32) ||
|
||||||
(cbInfo->flags2.bits.aes128_installedkey_set == 1 &&
|
(cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
|
||||||
info->cipher.aesgcm_enc.aes->keylen == 16))) {
|
info->cipher.aesgcm_enc.aes->keylen == 16))) {
|
||||||
|
|
||||||
if (cbInfo->flags2.bits.aes256_installedkey_set == 1 &&
|
if (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
|
||||||
info->cipher.aesgcm_enc.aes->keylen == 32) {
|
info->cipher.aesgcm_enc.aes->keylen == 32) {
|
||||||
|
|
||||||
XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.sce_wrapped_key,
|
XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.sce_wrapped_key,
|
||||||
@ -250,7 +250,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
|
|||||||
info->cipher.aesgcm_enc.aes->ctx.keySize = 32;
|
info->cipher.aesgcm_enc.aes->ctx.keySize = 32;
|
||||||
|
|
||||||
}
|
}
|
||||||
else if (cbInfo->flags2.bits.aes128_installedkey_set == 1 &&
|
else if (
|
||||||
|
cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
|
||||||
info->cipher.aesgcm_enc.aes->keylen == 16) {
|
info->cipher.aesgcm_enc.aes->keylen == 16) {
|
||||||
|
|
||||||
XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.sce_wrapped_key,
|
XMEMCPY(&info->cipher.aesgcm_enc.aes->ctx.sce_wrapped_key,
|
||||||
@ -273,13 +274,13 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
|
|||||||
(void*)ctx);
|
(void*)ctx);
|
||||||
|
|
||||||
}
|
}
|
||||||
else if (cbInfo->flags1.bits.session_key_set == 1 ||
|
else if (cbInfo->keyflgs_tls.bits.session_key_set == 1 ||
|
||||||
(cbInfo->flags2.bits.aes256_installedkey_set == 1 &&
|
(cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
|
||||||
info->cipher.aesgcm_dec.aes->keylen == 32) ||
|
info->cipher.aesgcm_dec.aes->keylen == 32) ||
|
||||||
(cbInfo->flags2.bits.aes128_installedkey_set == 1 &&
|
(cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
|
||||||
info->cipher.aesgcm_dec.aes->keylen == 16)) {
|
info->cipher.aesgcm_dec.aes->keylen == 16)) {
|
||||||
|
|
||||||
if (cbInfo->flags2.bits.aes256_installedkey_set == 1 &&
|
if (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
|
||||||
info->cipher.aesgcm_dec.aes->keylen == 32) {
|
info->cipher.aesgcm_dec.aes->keylen == 32) {
|
||||||
|
|
||||||
XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.sce_wrapped_key,
|
XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.sce_wrapped_key,
|
||||||
@ -288,7 +289,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
|
|||||||
info->cipher.aesgcm_dec.aes->ctx.keySize = 32;
|
info->cipher.aesgcm_dec.aes->ctx.keySize = 32;
|
||||||
|
|
||||||
}
|
}
|
||||||
else if (cbInfo->flags2.bits.aes128_installedkey_set == 1 &&
|
else if (
|
||||||
|
cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
|
||||||
info->cipher.aesgcm_dec.aes->keylen == 16) {
|
info->cipher.aesgcm_dec.aes->keylen == 16) {
|
||||||
|
|
||||||
XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.sce_wrapped_key,
|
XMEMCPY(&info->cipher.aesgcm_dec.aes->ctx.sce_wrapped_key,
|
||||||
@ -314,23 +316,25 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
|
|||||||
#endif /* HAVE_AESGCM */
|
#endif /* HAVE_AESGCM */
|
||||||
#ifdef HAVE_AES_CBC
|
#ifdef HAVE_AES_CBC
|
||||||
if ((info->cipher.type == WC_CIPHER_AES_CBC) &&
|
if ((info->cipher.type == WC_CIPHER_AES_CBC) &&
|
||||||
(cbInfo->flags1.bits.session_key_set == 1 ||
|
(cbInfo->keyflgs_tls.bits.session_key_set == 1 ||
|
||||||
(cbInfo->flags2.bits.aes256_installedkey_set == 1 &&
|
(cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
|
||||||
info->cipher.aescbc.aes->keylen == 32) ||
|
info->cipher.aescbc.aes->keylen == 32) ||
|
||||||
(cbInfo->flags2.bits.aes128_installedkey_set == 1 &&
|
(cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
|
||||||
info->cipher.aescbc.aes->keylen == 16))) {
|
info->cipher.aescbc.aes->keylen == 16))) {
|
||||||
|
|
||||||
if (info->cipher.enc) {
|
if (info->cipher.enc) {
|
||||||
if (cbInfo->flags2.bits.aes256_installedkey_set == 1 &&
|
if (
|
||||||
info->cipher.aescbc.aes->keylen == 32) {
|
cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
|
||||||
|
info->cipher.aescbc.aes->keylen == 32) {
|
||||||
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
|
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
|
||||||
&cbInfo->sce_wrapped_key_aes256,
|
&cbInfo->sce_wrapped_key_aes256,
|
||||||
sizeof(sce_aes_wrapped_key_t));
|
sizeof(sce_aes_wrapped_key_t));
|
||||||
info->cipher.aescbc.aes->ctx.keySize = 32;
|
info->cipher.aescbc.aes->ctx.keySize = 32;
|
||||||
|
|
||||||
}
|
}
|
||||||
else if (cbInfo->flags2.bits.aes128_installedkey_set == 1 &&
|
else if (
|
||||||
info->cipher.aescbc.aes->keylen == 16) {
|
cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1
|
||||||
|
&& info->cipher.aescbc.aes->keylen == 16) {
|
||||||
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
|
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
|
||||||
&cbInfo->sce_wrapped_key_aes128,
|
&cbInfo->sce_wrapped_key_aes128,
|
||||||
sizeof(sce_aes_wrapped_key_t));
|
sizeof(sce_aes_wrapped_key_t));
|
||||||
@ -344,15 +348,16 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
|
|||||||
info->cipher.aescbc.sz);
|
info->cipher.aescbc.sz);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if (cbInfo->flags2.bits.aes256_installedkey_set == 1 &&
|
if (
|
||||||
info->cipher.aescbc.aes->keylen == 32) {
|
cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
|
||||||
|
info->cipher.aescbc.aes->keylen == 32) {
|
||||||
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
|
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
|
||||||
&cbInfo->sce_wrapped_key_aes256,
|
&cbInfo->sce_wrapped_key_aes256,
|
||||||
sizeof(sce_aes_wrapped_key_t));
|
sizeof(sce_aes_wrapped_key_t));
|
||||||
info->cipher.aescbc.aes->ctx.keySize = 32;
|
info->cipher.aescbc.aes->ctx.keySize = 32;
|
||||||
|
} else if (
|
||||||
} else if (cbInfo->flags2.bits.aes128_installedkey_set
|
cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1
|
||||||
== 1 && info->cipher.aescbc.aes->keylen == 16) {
|
&& info->cipher.aescbc.aes->keylen == 16) {
|
||||||
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
|
XMEMCPY(&info->cipher.aescbc.aes->ctx.sce_wrapped_key,
|
||||||
&cbInfo->sce_wrapped_key_aes128,
|
&cbInfo->sce_wrapped_key_aes128,
|
||||||
sizeof(sce_aes_wrapped_key_t));
|
sizeof(sce_aes_wrapped_key_t));
|
||||||
@ -373,40 +378,63 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
|
|||||||
else if (info->algo_type == WC_ALGO_TYPE_PK) {
|
else if (info->algo_type == WC_ALGO_TYPE_PK) {
|
||||||
|
|
||||||
#if !defined(NO_RSA)
|
#if !defined(NO_RSA)
|
||||||
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
|
#if defined(WOLFSSL_KEY_GEN)
|
||||||
|
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
|
||||||
|
(info->pk.rsakg.size == 1024 ||
|
||||||
|
info->pk.rsakg.size == 2048)) {
|
||||||
ret = wc_sce_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
|
ret = wc_sce_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
if (info->pk.type == WC_PK_TYPE_RSA) {
|
if (info->pk.type == WC_PK_TYPE_RSA) {
|
||||||
if (info->pk.rsa.type == RSA_PRIVATE_DECRYPT ||
|
/* to perform RSA on SCE, wrapped keys should be installed
|
||||||
info->pk.rsa.type == RSA_PUBLIC_ENCRYPT )
|
* in advance. SCE supports 1024 or 2048 bits key size.
|
||||||
{
|
* otherwise, falls-through happens.
|
||||||
ret = wc_sce_RsaFunction(info->pk.rsa.in,
|
*/
|
||||||
info->pk.rsa.inLen,
|
if (cbInfo->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1
|
||||||
info->pk.rsa.out,
|
||
|
||||||
info->pk.rsa.outLen,
|
cbInfo->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1
|
||||||
info->pk.rsa.type,
|
||
|
||||||
info->pk.rsa.key,
|
cbInfo->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1
|
||||||
info->pk.rsa.rng,
|
||
|
||||||
(void*)ctx);
|
cbInfo->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1
|
||||||
|
) {
|
||||||
|
|
||||||
|
if (info->pk.rsa.type == RSA_PRIVATE_DECRYPT ||
|
||||||
|
info->pk.rsa.type == RSA_PUBLIC_ENCRYPT )
|
||||||
|
{
|
||||||
|
ret = wc_sce_RsaFunction(info->pk.rsa.in,
|
||||||
|
info->pk.rsa.inLen,
|
||||||
|
info->pk.rsa.out,
|
||||||
|
info->pk.rsa.outLen,
|
||||||
|
info->pk.rsa.type,
|
||||||
|
info->pk.rsa.key,
|
||||||
|
info->pk.rsa.rng,
|
||||||
|
(void*)ctx);
|
||||||
|
}
|
||||||
|
else if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT /* sign */){
|
||||||
|
ret = wc_sce_RsaSign(info->pk.rsa.in,
|
||||||
|
info->pk.rsa.inLen,
|
||||||
|
info->pk.rsa.out,
|
||||||
|
info->pk.rsa.outLen,
|
||||||
|
info->pk.rsa.key,
|
||||||
|
(void*)ctx);
|
||||||
|
}
|
||||||
|
else if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT /* verify */) {
|
||||||
|
ret = wc_sce_RsaVerify(info->pk.rsa.in,
|
||||||
|
info->pk.rsa.inLen,
|
||||||
|
info->pk.rsa.out,
|
||||||
|
info->pk.rsa.outLen,
|
||||||
|
info->pk.rsa.key,
|
||||||
|
(void*)ctx);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT /* sign */){
|
else {
|
||||||
ret = wc_sce_RsaSign(info->pk.rsa.in,
|
WOLFSSL_MSG(
|
||||||
info->pk.rsa.inLen,
|
"SCE can handle 1024 or 2048 bit key size. "
|
||||||
info->pk.rsa.out,
|
"key size is not either 1024 or 2048. "
|
||||||
info->pk.rsa.outLen,
|
"Or wrapped key is not installed. "
|
||||||
info->pk.rsa.key,
|
"RSA operation falls through to SW operation.");
|
||||||
(void*)ctx);
|
|
||||||
}
|
}
|
||||||
else if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT /* verify */) {
|
|
||||||
ret = wc_sce_RsaVerify(info->pk.rsa.in,
|
|
||||||
info->pk.rsa.inLen,
|
|
||||||
info->pk.rsa.out,
|
|
||||||
info->pk.rsa.outLen,
|
|
||||||
info->pk.rsa.key,
|
|
||||||
(void*)ctx);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
#endif /* NO_RSA && WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */
|
#endif /* NO_RSA && WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY */
|
||||||
}
|
}
|
||||||
@ -468,7 +496,7 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
|
|||||||
#else
|
#else
|
||||||
) {
|
) {
|
||||||
#endif
|
#endif
|
||||||
printf("invaid devid\n");
|
printf("Invalid devId\n");
|
||||||
return INVALID_DEVID;
|
return INVALID_DEVID;
|
||||||
}
|
}
|
||||||
/* need exclusive control because of static variable */
|
/* need exclusive control because of static variable */
|
||||||
@ -488,9 +516,11 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
|
|||||||
return INVALID_DEVID;
|
return INVALID_DEVID;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if !defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) && \
|
||||||
|
!defined(HAVE_RENESAS_SYNC)
|
||||||
if (ssl)
|
if (ssl)
|
||||||
wolfSSL_SetDevId(ssl, cbInfo->devId);
|
wolfSSL_SetDevId(ssl, cbInfo->devId);
|
||||||
|
#endif
|
||||||
/* sanity check for overflow */
|
/* sanity check for overflow */
|
||||||
if (gdevId < 0) {
|
if (gdevId < 0) {
|
||||||
gdevId = 7890;
|
gdevId = 7890;
|
||||||
@ -651,8 +681,9 @@ WOLFSSL_LOCAL int Renesas_cmn_EccVerify(WOLFSSL* ssl, const unsigned char* sig,
|
|||||||
* cm_row CA index
|
* cm_row CA index
|
||||||
* return FSP_SUCCESS(0) on success, otherwise WOLFSSL_FATAL_ERROR
|
* return FSP_SUCCESS(0) on success, otherwise WOLFSSL_FATAL_ERROR
|
||||||
*/
|
*/
|
||||||
int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len, word32 key_n_start,
|
int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len,
|
||||||
word32 key_n_len, word32 key_e_start, word32 key_e_len, word32 cm_row)
|
word32 key_n_start, word32 key_n_len, word32 key_e_start,
|
||||||
|
word32 key_e_len, word32 cm_row)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
@ -721,7 +752,8 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
|
|||||||
|
|
||||||
/* Renesas Security Library Common Callback
|
/* Renesas Security Library Common Callback
|
||||||
* Callback for setting Encrypt Keys.
|
* Callback for setting Encrypt Keys.
|
||||||
* Register callback for setting Encrypt Keys when keys are generated by SCE/TSIP
|
* Register callback for setting Encrypt Keys when keys are generated
|
||||||
|
* by SCE/TSIP
|
||||||
*
|
*
|
||||||
* ssl the WOLFSSL object
|
* ssl the WOLFSSL object
|
||||||
* ctx Callback context
|
* ctx Callback context
|
||||||
@ -745,7 +777,7 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
|
|||||||
User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx;
|
User_SCEPKCbInfo* cbInfo = (User_SCEPKCbInfo*)ctx;
|
||||||
|
|
||||||
|
|
||||||
if (cbInfo->flags1.bits.session_key_set == 1) {
|
if (cbInfo->keyflgs_tls.bits.session_key_set == 1) {
|
||||||
#endif
|
#endif
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
||||||
|
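Review bot: The new guard in the `WC_PK_TYPE_RSA` branch of Renesas_cmn_CryptoDevCb tests only whether any `rsapri*`/`rsapub*_installedkey_set` bit is 1; it never looks at the size of `info->pk.rsa.key`, although the fall-through message says the key size is checked. Once a 1024- or 2048-bit wrapped key is installed in the context, an RSA call made with a different key (for example the 512-bit software key the unit test generates) would still be sent to the SCE. As far as the wc_sce_RsaFunction hunks on this page show, that call would then run with the installed wrapped key rather than the caller's key. The guard should also confirm that the request belongs to the installed key before dispatching, and otherwise leave `ret` untouched so the software path runs. A comment on the branch stating which key the hardware path uses would help callers who mix hardware and software keys on one context.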
@ -155,7 +155,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
|
|||||||
|
|
||||||
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
|
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
|
||||||
if (ret == 0 &&
|
if (ret == 0 &&
|
||||||
info->flags1.bits.session_key_set == 1) {
|
info->keyflgs_tls.bits.session_key_set == 1) {
|
||||||
/* generate AES-GCM session key. The key stored in
|
/* generate AES-GCM session key. The key stored in
|
||||||
* Aes.ctx.tsip_keyIdx is not used here.
|
* Aes.ctx.tsip_keyIdx is not used here.
|
||||||
*/
|
*/
|
||||||
@ -176,28 +176,29 @@ WOLFSSL_LOCAL int wc_sce_AesGcmEncrypt(struct Aes* aes, byte* out,
|
|||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
else
|
else {
|
||||||
#else
|
#else
|
||||||
if (ret == 0)
|
if (ret == 0) {
|
||||||
#endif
|
#endif
|
||||||
if (info->flags2.bits.aes256_installedkey_set == 1 ||
|
if (info->keyflgs_crypt.bits.aes256_installedkey_set == 1 ||
|
||||||
info->flags2.bits.aes128_installedkey_set == 1) {
|
info->keyflgs_crypt.bits.aes128_installedkey_set == 1) {
|
||||||
if (aes->ctx.keySize == 32) {
|
if (aes->ctx.keySize == 32) {
|
||||||
XMEMCPY(&key_client_aes,
|
XMEMCPY(&key_client_aes,
|
||||||
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes256,
|
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes256,
|
||||||
sizeof(sce_aes_wrapped_key_t));
|
sizeof(sce_aes_wrapped_key_t));
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
XMEMCPY(&key_client_aes,
|
||||||
|
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes128,
|
||||||
|
sizeof(sce_aes_wrapped_key_t));
|
||||||
|
}
|
||||||
|
iv_l = iv;
|
||||||
|
ivSz_l = ivSz;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
XMEMCPY(&key_client_aes,
|
WOLFSSL_MSG("AES key for SCE is not set.");
|
||||||
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes128,
|
ret = -1;
|
||||||
sizeof(sce_aes_wrapped_key_t));
|
|
||||||
}
|
}
|
||||||
iv_l = iv;
|
|
||||||
ivSz_l = ivSz;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
WOLFSSL_MSG("AES key for SCE is not set.");
|
|
||||||
ret = -1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
@ -350,7 +351,7 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
|
|||||||
}
|
}
|
||||||
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
|
#if defined(WOLFSSL_RENESAS_SCEPROTECT)
|
||||||
if (ret == 0 &&
|
if (ret == 0 &&
|
||||||
info->flags1.bits.session_key_set == 1) {
|
info->keyflgs_tls.bits.session_key_set == 1) {
|
||||||
/* generate AES-GCM session key. The key stored in
|
/* generate AES-GCM session key. The key stored in
|
||||||
* Aes.ctx.tsip_keyIdx is not used here.
|
* Aes.ctx.tsip_keyIdx is not used here.
|
||||||
*/
|
*/
|
||||||
@ -370,30 +371,31 @@ WOLFSSL_LOCAL int wc_sce_AesGcmDecrypt(struct Aes* aes, byte* out,
|
|||||||
ret = -1;
|
ret = -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else {
|
||||||
#else
|
#else
|
||||||
if (ret == 0)
|
if (ret == 0) {
|
||||||
#endif
|
#endif
|
||||||
if (info->flags2.bits.aes256_installedkey_set == 1 ||
|
if (info->keyflgs_crypt.bits.aes256_installedkey_set == 1 ||
|
||||||
info->flags2.bits.aes128_installedkey_set == 1) {
|
info->keyflgs_crypt.bits.aes128_installedkey_set == 1) {
|
||||||
if (aes->ctx.keySize == 32) {
|
if (aes->ctx.keySize == 32) {
|
||||||
XMEMCPY(&key_server_aes,
|
XMEMCPY(&key_server_aes,
|
||||||
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes256,
|
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes256,
|
||||||
sizeof(sce_aes_wrapped_key_t));
|
sizeof(sce_aes_wrapped_key_t));
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
XMEMCPY(&key_server_aes,
|
||||||
|
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes128,
|
||||||
|
sizeof(sce_aes_wrapped_key_t));
|
||||||
|
}
|
||||||
|
iv_l = iv;
|
||||||
|
ivSz_l = ivSz;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
XMEMCPY(&key_server_aes,
|
WOLFSSL_MSG("AES key for SCE is not set.");
|
||||||
(sce_aes_wrapped_key_t*)info->sce_wrapped_key_aes128,
|
ret = -1;
|
||||||
sizeof(sce_aes_wrapped_key_t));
|
|
||||||
}
|
}
|
||||||
iv_l = iv;
|
|
||||||
ivSz_l = ivSz;
|
|
||||||
}
|
}
|
||||||
else {
|
|
||||||
WOLFSSL_MSG("AES key for SCE is not set.");
|
|
||||||
ret = -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
/* since key_index has iv and ivSz in it, no need to pass them init
|
/* since key_index has iv and ivSz in it, no need to pass them init
|
||||||
* func. Pass NULL and 0 as 3rd and 4th parameter respectively.
|
* func. Pass NULL and 0 as 3rd and 4th parameter respectively.
|
||||||
|
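Review bot: In wc_sce_AesGcmEncrypt the outer test accepts either `aes256_installedkey_set` or `aes128_installedkey_set`, but the inner branch picks the source pointer from `aes->ctx.keySize` alone, so with only one key installed and the other size requested XMEMCPY reads through a `sce_wrapped_key_aes*` pointer that was never set. Pair each size with its own flag: `if (aes->ctx.keySize == 32 && info->keyflgs_crypt.bits.aes256_installedkey_set == 1)`, then `else if (aes->ctx.keySize == 16 && info->keyflgs_crypt.bits.aes128_installedkey_set == 1)`, and let every other case reach the existing "AES key for SCE is not set." error. The same applies to the matching hunk in wc_sce_AesGcmDecrypt. The crypto callback shown earlier on this page does pair flag and key length before dispatching, so this mainly protects other call paths and later changes to the dispatch. Both functions continue outside the hunks.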
@ -36,12 +36,13 @@
|
|||||||
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
|
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
|
||||||
|
|
||||||
/* Make Rsa key for SCE and set it to callback ctx
|
/* Make Rsa key for SCE and set it to callback ctx
|
||||||
|
* Assumes to be called by Crypt Callback
|
||||||
*
|
*
|
||||||
* size desired keylenth, in bits. supports 1024 or 2048 bits
|
* size desired keylenth, in bits. supports 1024 or 2048 bits
|
||||||
* ctx Callback context including pointer to hold generated key
|
* ctx Callback context including pointer to hold generated key
|
||||||
* return FSP_SUCCESS(0) on Success, otherwise negative value
|
* return FSP_SUCCESS(0) on Success, otherwise negative value
|
||||||
*/
|
*/
|
||||||
WOLFSSL_LOCAL int wc_sce_MakeRsaKey(int size, void* ctx)
|
WOLFSSL_LOCAL int wc_sce_MakeRsaKey(int size, void* ctx)
|
||||||
{
|
{
|
||||||
fsp_err_t ret;
|
fsp_err_t ret;
|
||||||
User_SCEPKCbInfo *info = (User_SCEPKCbInfo*)ctx;
|
User_SCEPKCbInfo *info = (User_SCEPKCbInfo*)ctx;
|
||||||
@ -118,8 +119,8 @@ WOLFSSL_LOCAL int wc_sce_MakeRsaKey(int size, void* ctx)
|
|||||||
sizeof(sce_rsa1024_public_wrapped_key_t));
|
sizeof(sce_rsa1024_public_wrapped_key_t));
|
||||||
XFREE(wrapped_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
|
XFREE(wrapped_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
|
||||||
|
|
||||||
info->flags2.bits.rsapri1024_installedkey_set = 1;
|
info->keyflgs_crypt.bits.rsapri1024_installedkey_set = 1;
|
||||||
info->flags2.bits.rsapub1024_installedkey_set = 1;
|
info->keyflgs_crypt.bits.rsapub1024_installedkey_set = 1;
|
||||||
}
|
}
|
||||||
else if (size == 2048) {
|
else if (size == 2048) {
|
||||||
if (info->sce_wrapped_key_rsapri2048 != NULL) {
|
if (info->sce_wrapped_key_rsapri2048 != NULL) {
|
||||||
@ -160,8 +161,8 @@ WOLFSSL_LOCAL int wc_sce_MakeRsaKey(int size, void* ctx)
|
|||||||
sizeof(sce_rsa2048_public_wrapped_key_t));
|
sizeof(sce_rsa2048_public_wrapped_key_t));
|
||||||
XFREE(wrapped_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
|
XFREE(wrapped_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
|
||||||
|
|
||||||
info->flags2.bits.rsapri2048_installedkey_set = 1;
|
info->keyflgs_crypt.bits.rsapri2048_installedkey_set = 1;
|
||||||
info->flags2.bits.rsapub2048_installedkey_set = 1;
|
info->keyflgs_crypt.bits.rsapub2048_installedkey_set = 1;
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -175,6 +176,7 @@ WOLFSSL_LOCAL int wc_sce_MakeRsaKey(int size, void* ctx)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Perform rsa encryption/decryption by SCE
|
/* Perform rsa encryption/decryption by SCE
|
||||||
|
* Assumes to be called by Crypt Callback
|
||||||
*
|
*
|
||||||
* in Buffer to hold plain text
|
* in Buffer to hold plain text
|
||||||
* inLen Length of plain text in bytes
|
* inLen Length of plain text in bytes
|
||||||
@ -185,7 +187,7 @@ WOLFSSL_LOCAL int wc_sce_MakeRsaKey(int size, void* ctx)
|
|||||||
* ctx Callback context
|
* ctx Callback context
|
||||||
* return FSP_SUCCESS(0) on Success, otherwise negative value
|
* return FSP_SUCCESS(0) on Success, otherwise negative value
|
||||||
*/
|
*/
|
||||||
WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
|
WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
|
||||||
word32 outLen, int type, struct RsaKey* key,
|
word32 outLen, int type, struct RsaKey* key,
|
||||||
struct WC_RNG* rng, void* ctx)
|
struct WC_RNG* rng, void* ctx)
|
||||||
{
|
{
|
||||||
@ -207,13 +209,14 @@ WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
|
|||||||
}
|
}
|
||||||
|
|
||||||
keySize = 0;
|
keySize = 0;
|
||||||
if (info->flags2.bits.rsapri2048_installedkey_set == 1 ||
|
if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 ||
|
||||||
info->flags2.bits.rsapub2048_installedkey_set == 1 )
|
info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 )
|
||||||
keySize = 2048;
|
keySize = 2048;
|
||||||
else
|
else if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 ||
|
||||||
|
info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 )
|
||||||
keySize = 1024;
|
keySize = 1024;
|
||||||
|
|
||||||
if (keySize != 2048 && keySize != 1024) {
|
if (keySize == 0) {
|
||||||
WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
|
WOLFSSL_MSG("keySize is invalid, neither 128 or 256 bytes, "
|
||||||
"1024 or 2048 bits.");
|
"1024 or 2048 bits.");
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
@ -228,7 +231,7 @@ WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
|
|||||||
cipher.data_length = outLen;
|
cipher.data_length = outLen;
|
||||||
|
|
||||||
if (keySize == 1024) {
|
if (keySize == 1024) {
|
||||||
if(info->flags2.bits.rsapub1024_installedkey_set == 1)
|
if(info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1)
|
||||||
ret = R_SCE_RSAES_PKCS1024_Encrypt(&plain, &cipher,
|
ret = R_SCE_RSAES_PKCS1024_Encrypt(&plain, &cipher,
|
||||||
(sce_rsa1024_public_wrapped_key_t*)
|
(sce_rsa1024_public_wrapped_key_t*)
|
||||||
info->sce_wrapped_key_rsapub1024);
|
info->sce_wrapped_key_rsapub1024);
|
||||||
@ -238,7 +241,7 @@ WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if(info->flags2.bits.rsapub2048_installedkey_set == 1)
|
if(info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1)
|
||||||
ret = R_SCE_RSAES_PKCS2048_Encrypt(&plain, &cipher,
|
ret = R_SCE_RSAES_PKCS2048_Encrypt(&plain, &cipher,
|
||||||
(sce_rsa2048_public_wrapped_key_t*)
|
(sce_rsa2048_public_wrapped_key_t*)
|
||||||
info->sce_wrapped_key_rsapub2048);
|
info->sce_wrapped_key_rsapub2048);
|
||||||
@ -255,7 +258,7 @@ WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
|
|||||||
cipher.data_length = inLen;
|
cipher.data_length = inLen;
|
||||||
|
|
||||||
if (keySize == 1024) {
|
if (keySize == 1024) {
|
||||||
if(info->flags2.bits.rsapri1024_installedkey_set == 1)
|
if(info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1)
|
||||||
ret = R_SCE_RSAES_PKCS1024_Decrypt(&cipher, &plain,
|
ret = R_SCE_RSAES_PKCS1024_Decrypt(&cipher, &plain,
|
||||||
(sce_rsa1024_private_wrapped_key_t*)
|
(sce_rsa1024_private_wrapped_key_t*)
|
||||||
info->sce_wrapped_key_rsapri1024);
|
info->sce_wrapped_key_rsapri1024);
|
||||||
@ -265,7 +268,7 @@ WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if(info->flags2.bits.rsapri2048_installedkey_set == 1)
|
if(info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1)
|
||||||
ret = R_SCE_RSAES_PKCS2048_Decrypt(&cipher, &plain,
|
ret = R_SCE_RSAES_PKCS2048_Decrypt(&cipher, &plain,
|
||||||
(sce_rsa2048_private_wrapped_key_t*)
|
(sce_rsa2048_private_wrapped_key_t*)
|
||||||
info->sce_wrapped_key_rsapri2048);
|
info->sce_wrapped_key_rsapri2048);
|
||||||
@ -282,7 +285,8 @@ WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Perform Rsa sign by SCE
|
/* Perform Rsa sign by SCE
|
||||||
*
|
* Assumes to be called by Crypt Callback
|
||||||
|
*
|
||||||
* in Buffer to hold plaintext
|
* in Buffer to hold plaintext
|
||||||
* inLen Length of plaintext in bytes
|
* inLen Length of plaintext in bytes
|
||||||
* out Buffer to hold generated signature
|
* out Buffer to hold generated signature
|
||||||
@ -292,7 +296,7 @@ WOLFSSL_LOCAL int wc_sce_RsaFunction(const byte* in, word32 inLen, byte* out,
|
|||||||
* return FSP_SUCCESS(0) on Success, otherwise negative value
|
* return FSP_SUCCESS(0) on Success, otherwise negative value
|
||||||
*/
|
*/
|
||||||
|
|
||||||
WOLFSSL_LOCAL int wc_sce_RsaSign(const byte* in, word32 inLen, byte* out,
|
WOLFSSL_LOCAL int wc_sce_RsaSign(const byte* in, word32 inLen, byte* out,
|
||||||
word32* outLen, struct RsaKey* key, void* ctx)
|
word32* outLen, struct RsaKey* key, void* ctx)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
@ -311,13 +315,14 @@ WOLFSSL_LOCAL int wc_sce_RsaSign(const byte* in, word32 inLen, byte* out,
|
|||||||
}
|
}
|
||||||
|
|
||||||
keySize = 0;
|
keySize = 0;
|
||||||
if (info->flags2.bits.rsapri2048_installedkey_set == 1 ||
|
if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 ||
|
||||||
info->flags2.bits.rsapub2048_installedkey_set == 1 )
|
info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 )
|
||||||
keySize = 2048;
|
keySize = 2048;
|
||||||
else
|
else if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 ||
|
||||||
|
info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 )
|
||||||
keySize = 1024;
|
keySize = 1024;
|
||||||
|
|
||||||
if (keySize != 2048 && keySize != 1024) {
|
if (keySize == 0) {
|
||||||
WOLFSSL_MSG("keySize is invalid, neither 1024 or 2048 bits.");
|
WOLFSSL_MSG("keySize is invalid, neither 1024 or 2048 bits.");
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
}
|
}
|
||||||
@ -325,7 +330,7 @@ WOLFSSL_LOCAL int wc_sce_RsaSign(const byte* in, word32 inLen, byte* out,
|
|||||||
message_hash.pdata = in;
|
message_hash.pdata = in;
|
||||||
message_hash.data_length = inLen;
|
message_hash.data_length = inLen;
|
||||||
message_hash.data_type =
|
message_hash.data_type =
|
||||||
info->flags2.bits.message_type;/* message 0, hash 1 */
|
info->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */
|
||||||
signature.pdata = out;
|
signature.pdata = out;
|
||||||
signature.data_length = outLen;
|
signature.data_length = outLen;
|
||||||
|
|
||||||
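Review bot: `signature.data_length = outLen;` stores the `word32* outLen` parameter of wc_sce_RsaSign itself rather than the length it points to. The declaration of `data_length` is not on this page, but if it is an integer length field, the signature buffer size handed to the SCE would be a pointer value and not the caller's buffer length. The line should read `signature.data_length = *outLen;`, preceded by a check that `outLen` is not NULL. The wc_sce_RsaVerify hunk further down carries the same assignment. The function body starts and ends outside this hunk.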
@ -354,7 +359,8 @@ WOLFSSL_LOCAL int wc_sce_RsaSign(const byte* in, word32 inLen, byte* out,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Perform Rsa verify by SCE
|
/* Perform Rsa verify by SCE
|
||||||
*
|
* Assumes to be called by Crypt Callback
|
||||||
|
*
|
||||||
* in Buffer to hold plaintext
|
* in Buffer to hold plaintext
|
||||||
* inLen Length of plaintext in bytes
|
* inLen Length of plaintext in bytes
|
||||||
* out Buffer to hold generated signature
|
* out Buffer to hold generated signature
|
||||||
@ -364,7 +370,7 @@ WOLFSSL_LOCAL int wc_sce_RsaSign(const byte* in, word32 inLen, byte* out,
|
|||||||
* return FSP_SUCCESS(0) on Success, otherwise negative value
|
* return FSP_SUCCESS(0) on Success, otherwise negative value
|
||||||
*/
|
*/
|
||||||
|
|
||||||
WOLFSSL_LOCAL int wc_sce_RsaVerify(const byte* in, word32 inLen, byte* out,
|
WOLFSSL_LOCAL int wc_sce_RsaVerify(const byte* in, word32 inLen, byte* out,
|
||||||
word32* outLen,struct RsaKey* key, void* ctx)
|
word32* outLen,struct RsaKey* key, void* ctx)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
@ -383,13 +389,14 @@ WOLFSSL_LOCAL int wc_sce_RsaVerify(const byte* in, word32 inLen, byte* out,
|
|||||||
}
|
}
|
||||||
|
|
||||||
keySize = 0;
|
keySize = 0;
|
||||||
if (info->flags2.bits.rsapri2048_installedkey_set == 1 ||
|
if (info->keyflgs_crypt.bits.rsapri2048_installedkey_set == 1 ||
|
||||||
info->flags2.bits.rsapub2048_installedkey_set == 1 )
|
info->keyflgs_crypt.bits.rsapub2048_installedkey_set == 1 )
|
||||||
keySize = 2048;
|
keySize = 2048;
|
||||||
else
|
else if (info->keyflgs_crypt.bits.rsapri1024_installedkey_set == 1 ||
|
||||||
|
info->keyflgs_crypt.bits.rsapub1024_installedkey_set == 1 )
|
||||||
keySize = 1024;
|
keySize = 1024;
|
||||||
|
|
||||||
if (keySize != 2048 && keySize != 1024) {
|
if (keySize == 0) {
|
||||||
WOLFSSL_MSG("keySize is invalid, neither 1024 or 2048 bits.");
|
WOLFSSL_MSG("keySize is invalid, neither 1024 or 2048 bits.");
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
}
|
}
|
||||||
@ -398,7 +405,7 @@ WOLFSSL_LOCAL int wc_sce_RsaVerify(const byte* in, word32 inLen, byte* out,
|
|||||||
message_hash.pdata = in;
|
message_hash.pdata = in;
|
||||||
message_hash.data_length = inLen;
|
message_hash.data_length = inLen;
|
||||||
message_hash.data_type =
|
message_hash.data_type =
|
||||||
info->flags2.bits.message_type;/* message 0, hash 1 */
|
info->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */
|
||||||
|
|
||||||
signature.pdata = out;
|
signature.pdata = out;
|
||||||
signature.data_length = outLen;
|
signature.data_length = outLen;
|
||||||
|
@ -223,11 +223,11 @@ static int SCE_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl, const uint8_t* sig
|
|||||||
|
|
||||||
if (ret != FSP_SUCCESS) {
|
if (ret != FSP_SUCCESS) {
|
||||||
WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify");
|
WOLFSSL_MSG("failed R_SCE_TLS_ServerKeyExchangeVerify");
|
||||||
cbInfo->flags1.bits.pk_key_set = 0;
|
cbInfo->keyflgs_tls.bits.pk_key_set = 0;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
ret = WOLFSSL_SUCCESS;
|
ret = WOLFSSL_SUCCESS;
|
||||||
cbInfo->flags1.bits.pk_key_set = 1;
|
cbInfo->keyflgs_tls.bits.pk_key_set = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
@ -361,7 +361,7 @@ WOLFSSL_LOCAL int SCE_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
|
|||||||
WOLFSSL_PKMSG("PK ECC PMS: Side %s, Peer Curve %d\n",
|
WOLFSSL_PKMSG("PK ECC PMS: Side %s, Peer Curve %d\n",
|
||||||
side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id);
|
side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id);
|
||||||
|
|
||||||
if (cbInfo->flags1.bits.pk_key_set == 1) {
|
if (cbInfo->keyflgs_tls.bits.pk_key_set == 1) {
|
||||||
if ((ret = wc_sce_hw_lock()) == 0) {
|
if ((ret = wc_sce_hw_lock()) == 0) {
|
||||||
/* Generate ECC PUblic key pair */
|
/* Generate ECC PUblic key pair */
|
||||||
ret = R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate(
|
ret = R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate(
|
||||||
@ -784,7 +784,7 @@ WOLFSSL_LOCAL int wc_sce_generateSessionKey(WOLFSSL *ssl,
|
|||||||
dec->aes->devId = devId;
|
dec->aes->devId = devId;
|
||||||
|
|
||||||
/* marked as session key is set */
|
/* marked as session key is set */
|
||||||
cbInfo->flags1.bits.session_key_set = 1;
|
cbInfo->keyflgs_tls.bits.session_key_set = 1;
|
||||||
}
|
}
|
||||||
/* unlock hw */
|
/* unlock hw */
|
||||||
wc_sce_hw_unlock();
|
wc_sce_hw_unlock();
|
||||||
@ -1138,8 +1138,8 @@ WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx] = (User_SCEPKCbInfo*)user_ctx;
|
gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx] = (User_SCEPKCbInfo*)user_ctx;
|
||||||
gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->flags1.bits.pk_key_set = 0;
|
gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->keyflgs_tls.bits.pk_key_set = 0;
|
||||||
gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->flags1.bits.session_key_set = 0;
|
gSCE_PKCbInfo.user_PKCbInfo[sce_sess_idx]->keyflgs_tls.bits.session_key_set = 0;
|
||||||
|
|
||||||
wolfSSL_SetEccVerifyCtx(ssl, user_ctx);
|
wolfSSL_SetEccVerifyCtx(ssl, user_ctx);
|
||||||
wolfSSL_SetRsaEncCtx(ssl, user_ctx);
|
wolfSSL_SetRsaEncCtx(ssl, user_ctx);
|
||||||
|
@ -3377,7 +3377,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
|
|||||||
/* SCE needs warpped key which is passed via
|
/* SCE needs warpped key which is passed via
|
||||||
* user ctx object of crypt-call back.
|
* user ctx object of crypt-call back.
|
||||||
*/
|
*/
|
||||||
#ifdef WOLF_CRYPTO_CB
|
#ifdef WOLF_CRYPTO_CB
|
||||||
if (key->devId != INVALID_DEVID) {
|
if (key->devId != INVALID_DEVID) {
|
||||||
/* SCE supports 1024 and 2048 bits */
|
/* SCE supports 1024 and 2048 bits */
|
||||||
ret = wc_CryptoCb_Rsa(in, inLen, out,
|
ret = wc_CryptoCb_Rsa(in, inLen, out,
|
||||||
@ -3387,8 +3387,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
|
|||||||
/* fall-through when unavailable */
|
/* fall-through when unavailable */
|
||||||
ret = 0; /* reset error code and try using software */
|
ret = 0; /* reset error code and try using software */
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#endif /* WOLFSSL_SE050 */
|
#endif /* WOLFSSL_SE050 */
|
||||||
|
|
||||||
key->state = RSA_STATE_ENCRYPT_PAD;
|
key->state = RSA_STATE_ENCRYPT_PAD;
|
||||||
@ -3535,14 +3534,14 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
|
|||||||
}
|
}
|
||||||
#elif defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
|
#elif defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
|
||||||
#ifdef WOLF_CRYPTO_CB
|
#ifdef WOLF_CRYPTO_CB
|
||||||
if (key->devId != INVALID_DEVID) {
|
if (key->devId != INVALID_DEVID) {
|
||||||
ret = wc_CryptoCb_Rsa(in, inLen, out,
|
ret = wc_CryptoCb_Rsa(in, inLen, out,
|
||||||
outLen, rsa_type, key, rng);
|
outLen, rsa_type, key, rng);
|
||||||
if (ret != CRYPTOCB_UNAVAILABLE)
|
if (ret != CRYPTOCB_UNAVAILABLE)
|
||||||
return ret;
|
return ret;
|
||||||
/* fall-through when unavailable */
|
/* fall-through when unavailable */
|
||||||
ret = 0; /* reset error code and try using software */
|
ret = 0; /* reset error code and try using software */
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#endif /* WOLFSSL_CRYPTOCELL */
|
#endif /* WOLFSSL_CRYPTOCELL */
|
||||||
|
@ -61,7 +61,8 @@
|
|||||||
#if defined(WOLFSSL_RENESAS_TSIP)
|
#if defined(WOLFSSL_RENESAS_TSIP)
|
||||||
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
|
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
|
||||||
#endif
|
#endif
|
||||||
#if defined(WOLFSSL_RENESAS_SCE)
|
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
|
||||||
|
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
|
||||||
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
|
#include <wolfssl/wolfcrypt/port/Renesas/renesas-sce-crypt.h>
|
||||||
#endif
|
#endif
|
||||||
#if defined(WOLFSSL_RENESAS_RX64_HASH)
|
#if defined(WOLFSSL_RENESAS_RX64_HASH)
|
||||||
|
@ -36,14 +36,14 @@ extern "C" {
|
|||||||
|
|
||||||
typedef void* renesas_sce_wrappedkey;
|
typedef void* renesas_sce_wrappedkey;
|
||||||
|
|
||||||
/* related to TLS */
|
/* flsgas related to TLS */
|
||||||
struct sce_flags1 {
|
struct sce_keyflgs_tls {
|
||||||
uint8_t pk_key_set:1;
|
uint8_t pk_key_set:1;
|
||||||
uint8_t session_key_set:1;
|
uint8_t session_key_set:1;
|
||||||
};
|
};
|
||||||
|
|
||||||
/* Crypt Only */
|
/* flags Crypt Only */
|
||||||
struct sce_flags2 {
|
struct sce_keyflgs_cryt {
|
||||||
uint8_t aes256_installedkey_set:1;
|
uint8_t aes256_installedkey_set:1;
|
||||||
uint8_t aes128_installedkey_set:1;
|
uint8_t aes128_installedkey_set:1;
|
||||||
uint8_t rsapri2048_installedkey_set:1;
|
uint8_t rsapri2048_installedkey_set:1;
|
||||||
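Review bot: The new struct tag `sce_keyflgs_cryt` is misspelled and does not match the union member it backs, `keyflgs_crypt`, and the comment above the first struct reads `/* flsgas related to TLS */`. Since this commit is already renaming these identifiers, use `struct sce_keyflgs_crypt` here and in the `User_SCEPKCbInfo` hunk below, and `/* flags related to TLS */` for the comment. The `sce_keyflgs_cryt` definition continues outside this hunk.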
@ -88,13 +88,14 @@ typedef struct tagUser_SCEPKCbInfo {
|
|||||||
/* flag whether encrypted ec key is set */
|
/* flag whether encrypted ec key is set */
|
||||||
union {
|
union {
|
||||||
uint8_t chr;
|
uint8_t chr;
|
||||||
struct sce_flags1 bits;
|
struct sce_keyflgs_tls bits;
|
||||||
} flags1;
|
} keyflgs_tls;
|
||||||
|
/* key status flags */
|
||||||
|
/* flags shows status if wrapped keys are installed */
|
||||||
union {
|
union {
|
||||||
uint8_t chr;
|
uint8_t chr;
|
||||||
struct sce_flags2 bits;
|
struct sce_keyflgs_cryt bits;
|
||||||
} flags2
|
} keyflgs_crypt;
|
||||||
|
|
||||||
} User_SCEPKCbInfo;
|
} User_SCEPKCbInfo;
|
||||||
|
|
||||||
|